On Sun, 10 Dec 2017 11:25:50 +0000, Martin Pieuchot wrote:
> On 08/12/17(Fri) 12:58, kshe wrote:
> > I noticed one instance where the size given to free(9) can easily be
> > determined.
>
> What about the other free(9)s in the same function?
Somehow I did not immediately realize that rtm_report() would simply
store the allocated length in rtm->rtm_msglen. Now that I do, here is
an updated diff dealing with the remaining calls (along with some more
unrelated whitespace fixes).
Index: rtsock.c
===================================================================
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.256
diff -u -p -r1.256 rtsock.c
--- rtsock.c 10 Dec 2017 11:25:18 -0000 1.256
+++ rtsock.c 11 Dec 2017 07:27:49 -0000
@@ -697,17 +697,18 @@ route_output(struct mbuf *m, struct sock
* Validate RTM_PROPOSAL and pass it along or error out.
*/
if (rtm->rtm_type == RTM_PROPOSAL) {
- if (rtm_validate_proposal(&info) == -1) {
+ if (rtm_validate_proposal(&info) == -1) {
error = EINVAL;
goto fail;
- }
+ }
} else {
error = rtm_output(rtm, &rt, &info, prio, tableid);
if (!error) {
type = rtm->rtm_type;
seq = rtm->rtm_seq;
- free(rtm, M_RTABLE, 0);
+ free(rtm, M_RTABLE, len);
rtm = rtm_report(rt, type, seq, tableid);
+ len = rtm->rtm_msglen;
}
}
@@ -725,18 +726,18 @@ route_output(struct mbuf *m, struct sock
if (route_cb.any_count <= 1) {
/* no other listener and no loopback of messages */
fail:
- free(rtm, M_RTABLE, 0);
+ free(rtm, M_RTABLE, len);
m_freem(m);
return (error);
}
}
if (rtm) {
- if (m_copyback(m, 0, rtm->rtm_msglen, rtm, M_NOWAIT)) {
+ if (m_copyback(m, 0, len, rtm, M_NOWAIT)) {
m_freem(m);
m = NULL;
- } else if (m->m_pkthdr.len > rtm->rtm_msglen)
- m_adj(m, rtm->rtm_msglen - m->m_pkthdr.len);
- free(rtm, M_RTABLE, 0);
+ } else if (m->m_pkthdr.len > len)
+ m_adj(m, len - m->m_pkthdr.len);
+ free(rtm, M_RTABLE, len);
}
if (m)
route_input(m, so, info.rti_info[RTAX_DST] ?
@@ -1161,7 +1162,7 @@ route_cleargateway(struct rtentry *rt, v
if (ISSET(rt->rt_flags, RTF_GATEWAY) && rt->rt_gwroute == nhrt &&
!ISSET(rt->rt_locks, RTV_MTU))
- rt->rt_mtu = 0;
+ rt->rt_mtu = 0;
return (0);
}
@@ -1485,7 +1486,7 @@ void
rtm_addr(struct rtentry *rt, int cmd, struct ifaddr *ifa)
{
struct ifnet *ifp = ifa->ifa_ifp;
- struct mbuf *m = NULL;
+ struct mbuf *m;
struct rt_addrinfo info;
struct ifa_msghdr *ifam;
Regards,
kshe
